Date: Wed, 31 Oct 2018 18:18:10 +0530
From: Siddharth Sharma <siddharth@...hat.com>
To: OSS Security List <oss-security@...ts.openwall.com>
Subject: glusterfs: multiple flaws
Hi,
We were informed about several security flaws affecting glusterfs.
All of the following bugs were reported by Michael Hanselmann (hansmi.ch).
CVE-2018-14651
==============
It was found that the fix for CVE-2018-10927, CVE-2018-10928, CVE-2018-10929,
CVE-2018-10930, and CVE-2018-10926 was incomplete. A remote, authenticated
attacker could use one of these flaws to execute arbitrary code, create
arbitrary files, or cause denial of service on glusterfs server nodes via
symlinks to relative paths.
CVE-2018-14652
==============
A buffer overflow was found in strncpy of the pl_getxattr() function. An
authenticated attacker could remotely overflow the buffer by sending a buffer
of larger length than the size of the key resulting in remote denial of
service.
CVE-2018-14653
==============
A buffer overflow on the heap was found in gf_getspec_req RPC request. A
remote, authenticated attacker could use this flaw to cause denial of service
and read arbitrary files on glusterfs server node.
CVE-2018-14654
==============
A flaw was found in the way glusterfs server handles client requests. A
remote, authenticated attacker could set arbitrary values for the
GF_XATTROP_ENTRY_IN_KEY and GF_XATTROP_ENTRY_OUT_KEY during xattrop file
operation resulting in creation and deletion of arbitrary files on glusterfs
server node.
CVE-2018-14659
==============
A flaw was found in glusterfs server which allowed clients to create io-stats
dumps on server node. A remote, authenticated attacker could use this flaw to
create io-stats dump on a server without any limitation and utilizing all
available inodes resulting in remote denial of service.
CVE-2018-14660
==============
A flaw was found in glusterfs server which allowed repeated usage of
GF_META_LOCK_KEY xattr. A remote, authenticated attacker could use this flaw
to create multiple locks for single inode by using setxattr repetitively
resulting in memory exhaustion of glusterfs server node.
CVE-2018-14661
==============
It was found that usage of snprintf function in feature/locks translator of
glusterfs server was vulnerable to a format string attack. A remote,
authenticated attacker could use this flaw to cause remote denial of service.
https://www.redhat.com/security/data/cve/CVE-2018-14651.htmlhttps://www.redhat.com/security/data/cve/CVE-2018-14652.htmlhttps://www.redhat.com/security/data/cve/CVE-2018-14653.htmlhttps://www.redhat.com/security/data/cve/CVE-2018-14654.htmlhttps://www.redhat.com/security/data/cve/CVE-2018-14659.htmlhttps://www.redhat.com/security/data/cve/CVE-2018-14660.htmlhttps://www.redhat.com/security/data/cve/CVE-2018-14661.html
Regards,
--
Siddharth Sharma / Red Hat Product Security / Key ID : 0xD9F6489A
Fingerprint : 6F04 C684 A49C E4CE 8148 E841 CD6F 8E55 D9F6 489A
Download attachment "signature.asc" of type "application/pgp-signature" (834 bytes)